I don't think you can say that for sure. Given that on Ledger devices you can enter a passphrase without opening the bitcoin app, then clearly it can still access the seed phrase and perform operations on it, which will include potentially deriving public keys. Given it is closed source, we can't say for sure this isn't happening.
That's true.
I think the best option is to have your basic wallet completely empty and only store coins behind additional, temporary passphrases. If you then only unlock your wallet but never enter a passphrase before connecting to Ledger Live for updates, and only open your passphrased wallets when connected to your own Electrum server or similar, then this should (but again, we can't be certain) prevent the public keys from your passphrased wallets being leaked during an update.
Alternatively, have a dummy seed phrase which you enter into the device prior to any updates, and then restore your real seed phrase after.
Actually, I find the best option is to have cold storage and not a hardware wallet, especially a closed source one. Convenience has its price and that price is unfortunately rising.
Using a different seed phrase will not work because in order to change the seed you have to enter the wrong PIN 3 times and reset the device. The result is that the apps have to be reinstalled at the moment the device has your HD seed, and this procedure is done with (drums) Ledger Live. Yeah...
